In 2007, the Office of Management and Budget directed federal agencies to reduce the unnecessary use of SSNs; CMS has to-date failed to commit to a plan to remove social security numbers from Medicare cards, GAO representatives told the House Ways and Means Committee’s subcommittees on social security and health on Wednesday.
In a 2011 report, CMS identified various options for removing SSNs, but it has yet to commit to one option or take any action, placing Medicare recipients at continued risk for identity theft, the GAO officials warned. There are currently 48 million Medicare cards in circulation that display SSNs as part of the health insurance claim number.
One option recommended by CMS is to truncate the SSN so that only the last four digits would appear on the card. The other options entail replacing the display of the SSN on the Medicare card with a newly developed identifier that CMS calls the Medicare Beneficiary Identifier. In one scenario, only the beneficiary would use the identifier, while the provider would continue to use SSNs to interact with CMS. In the other scenario, the identifier would be used for all Medicare transactions.
GAO supports the latter option because it provides the most protection against identity theft. “Under this option, beneficiaries’ risk of identity theft would be reduced in the event that their card was lost or stolen because the SSN would no longer be printed on the card. In addition, because providers would not need the SSN to interact with CMS, they would not be required to collect or maintain this information, reducing the beneficiaries’ vulnerability in the event of a provider data breach”, the GAO officials testified.
CMS estimated that implementing any of the options would cost the agency between $803 and $845 million, about two-thirds of which would be spent on modifying existing Medicaid IT systems.
The GAO officials testified that they considered the cost estimates inflated. CMS responded that they would develop new cost estimates based on the GAO’s recommendations.